GetResponse Privacy Policy

If you don’t have much time, please find below a summary of how GetResponse processes Personal Data.

WHO WE ARE. We are GetResponse, a limited liability company with its registered office in Gdansk (80-387), Arkonska 6, A3, National Court Register No. 0000187388, TAX ID (EU VAT) 9581468984. We process Personal Data of
our Customers and our Platform Users as a data controller. We also act as a data processor – when our Customers engage us in data processing in order to enable them to carry out operations on that data using our tools and services. Read more.

HOW WE PROCESS YOUR DATA. As a Data controller we will process your Data to enable you to create an Account, to provide you with our Service, and if you agree, to send you marketing communication, which we may tailor
to your interests. Read more.

WHY WE PROCESS YOUR DATA. We have the right to process your Data for different reasons. The most important one is that we need it to carry out the agreement concluded with you the moment you accept our Terms of Service
and to enable you to use our Platform. There are also other reasons that require us to process the Data, e.g. preparing an answer to your queries or your consent to receive our newsletter. Read more.

WHO WE DISCLOSE YOUR DATA TO. We disclose your data only to service providers who support us in the role of data processors or separate data controllers. Read more.

YOUR RIGHTS. You have the right to access, rectify or erase your Personal Data as well as to lodge a complaint with a supervisory authority. In some cases, you also have other rights, for example, to withdraw your consent
for Data processing, to object to Data processing, and to Data portability. Read more.

Please read the entire content of our Privacy Policy below, to fully understand how we will process your Personal Data and how you can exercise your rights connected to Data processing.

Privacy Policy

This Privacy Policy describes how we protect Personal Data of our Customers and Users. We appreciate the trust you put in us, and we assure you that we make every effort to give you full control over your Personal Data. Below we have described, as transparently
as possible, the scope of data we process when providing the Service and the Platform, the purposes and methods of processing, security measures, and your rights connected with the processing of your Personal Data. By using our Service or our
Platform, you accept all rules applied by GetResponse, so please read this Privacy Policy carefully beforehand. If you don’t agree to this Policy or can’t comply with it, you shouldn’t begin to use our Service or our Platform.

Glossary of basic concepts

Below you’ll find the list of basic concepts that will help you better understand this Policy:

Account - individual space provided to the Customer on the GetResponse Platform (after logging in) for the purpose of using the Service.

Customer - person using our Service to conduct their commercial or professional activities, regardless of the legal form of such activities.

Data concerning activity within the Platform or Service - the data concerning your activity within the Service or Platform, data concerning your session, your device and operational system, browser, localization and unique ID as registered
and stored with the use of cookie or tracking scripts. This data includes in particular: browsing history, clicks within the Platform, visits to the main page and subsections of the Platform, dates of creating an Account and logging into the Account,
the data related to the use of individual services in the Platform and Service, history and activities connected to our email communication with you.

Data provided as Account details - personal data given by the User in the “Account details” tab, consisting of: first name, last name, company or organization, address, email address, phone number, country, time zone, payment information,
industry, number of employees.

GDPR - Regulation (EU) 2016/679 of The European Parliament and of The Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive
95/46/EC (General Data Protection Regulation).

Personal Data - data of our Customers, data entrusted to us by our Customers for processing and data of our Users, processed in relation to the use of the Service or Platform.

Privacy Settings - space in the Customer Account where the Customer can manage their preferences of privacy protection and exercise their rights as data subjects.

Processing - operations performed on Personal Data such as collection, recording, storage, adaptation or alteration, disclosure, creating backup copies, and other operations necessary to provide the Service or use the Platform.

Registration Data - the data given in registration forms available in the Platform: email address, name.

Service - all services provided by GetResponse electronically in the Software-as-a-Service model (Saas), including in particular providing the Customer with the possibility of using the Account, managing the Data entrusted to GetResponse
for the purpose of processing, and conducting marketing campaigns.

Capitalized terms that are not expressly defined in this document have the meanings assigned to them in the GetResponse Terms of Service.

Who are we? Our contact details.

GetResponse as data controller and data processor

Unless stated otherwise, we process your Personal Data as a data controller in connection with your use of the Service or the Platform. As such, we determine the purposes and means of the processing of Personal Data.

How do we use the data? Your Personal Data and how we process it.

The rules of how we process your Data, along with the purposes and scope of the processing vary depending on whether you are our Customer or Platform User. Below, we list the information about the Data we process concerning the specific purposes we need
it for.

To provide the Service or Platform

While providing the Service or Platform, we carry out a set of operations that include: administrative activities related to concluding an agreement based on the acceptance of the Terms of Use, creating a Customer Account and Customer authentication
within the Account, providing materials requested by Customers or Users (also those who do not have an Account, but use our Platform), activities related to the performance of the Service, including sending you communication related to use or functioning of the Service (in particular system and transactional e-mails), providing Customer support, handling complaints and other
requests, charging due fees, seeking redress, and monitoring the quality of the Service and Platform.

What Data do we use and for what purposes?

To create your account and provide the Service, we process the following Data:

Registration Data and the password you set up.

We only store encrypted passwords and we do not have access to them.

To provide you with our Services (i.e., after you log in to your Account as our Customer), we process the following Data:

Data provided as Account details,

Personal data included in the content you send using the Service,

Data concerning activity within the Platform or Service.

As a Data processor, we also process Personal Data entrusted to us by the Customer for the purpose of using the Service.

You can use the Platform without creating an Account, e.g., by downloading ebooks and other training materials, by signing up for our newsletter on new articles on our blog or in Resources, by signing up for a webinar, training, or another event we
organize or participate in, by submitting a draft to our blog.

To enable you to use our Platform, we process the following Data:

Data concerning activity within the Platform or Service,

Registration Data.

For legitimate interests

We process the data for legitimate interests of GetResponse described below, taking into consideration the relationship with our Customers or Users.

What Data do we use and for what purposes?

For analytical purposes. To keep statistics on the use of the Service and the Platform, helping us to improve the Service and the Platform, and to ensure network and information security, we process the following Data:

email address,

Data concerning activity within the Platform or Service.

To exercise legal claims. If necessary, to establish, exercise, or defend legal claims, we process the following Data:

Data provided as Account details,

Data concerning activity within the Platform or Service necessary to establish a claim,

other data necessary to support the claim, establish the scope of damage and other circumstances regarding the damage.

To answer your queries. To respond to your queries, petitions, and complaints, we may process the following Data:

Data provided as Account details,

Data concerning activity within the Platform or Service that’s the subject of your query, petition, or complaint,

data included in the query, petition, or complaint and the attached documents.

To conduct Customer satisfaction surveys. To verify Customer satisfaction with the Platform or Service, we may process the following Data:

Registration Data,

answers to our survey questions.

To prevent fraud and abuse. To monitor, prevent, detect, and combat fraud and abuse, including sending unsolicited content (SPAM), to protect our Customers against such abuse and to ensure network and information security, we
may process the following Data:

Data provided as Account details,

Data concerning activity within the Platform or Service necessary to verify potential fraud or abuse,

Data entrusted by the Customer for the purposes of providing the Service.

To send marketing communication

What Data do we use and for what purposes?

To send our Customers and Users marketing and promotional communication regarding our Service or Platform, we may process the following Data:

Registration Data

For marketing purposes, including creating your profile

Tailoring our Platform and Service to your preferences

We want our Service and Platform, including our marketing communication (as long as you agreed to receive it), to be tailored to your needs and preferences (profiling). We describe the nature of the profiling we carry out below.

What Data do we use and for what purposes?

To develop sales and marketing of our services, including creating Customer or User profiles, tailored to your interests and preferences, we process the following Data:

Registration data,

Data provided as Account details,

Data concerning activity within the Platform or Service.

If you have agreed to receive marketing and promotional materials, we will match the marketing and promotional content related to our products and services to your profile based on the above data. We will not send you communication about third-party
products or services.

Remarketing (displaying ads outside of the Platform)

To reach you with our marketing communication outside of our Platform, we use the services of third-party providers. These services display our marketing communication on websites other than the Platform To do this, we use codes to download
information about your activity within the Platform or Service. You can find more information on this topic in the Cookie Policy.

Why do we process your Data? The legal basis.

To provide the Service or Platform

We process your data because it is necessary to enable you to use our Service or Platform. In other words, we need to process your Personal Data to enable you to sign up as our Customer, or order our materials as our User. Otherwise, we wouldn’t be able
to provide the Service or enable you to use the Platform.

We need to process your data to perform the contract and provide our services. Art. 6.1(b) of GDPR).

For legitimate business interests

For analytical purposes. We believe we have a legitimate interest in analyzing Service and Platform operations and Customer and User satisfaction. We consider processing this data beneficial to Customers and Users. Our aim is to constantly
develop the Platform and to provide the Service of the highest quality of the Service.

To exercise legal claims. We believe we have a legitimate interest in processing your Data if it’s necessary to exercise claims concerning the use of the Service or the Platform that’s unlawful or incompatible with the Terms of Service
or to defend ourselves against such claims.

To answer your queries. We believe we have a legitimate interest in replying to petitions and queries made through one of the available channels. We consider processing this Data beneficial for you because it allows us to help you
and respond to your queries.

To conduct customer satisfaction surveys. We believe we have a legitimate interest in verifying if our Customers and Users are satisfied and what would help us improve the quality of the Service and the Platform.

To prevent fraud and abuse. We believe we have a legitimate interest in conducting necessary verification to detect and prevent potential fraud and abuse, including spam detection. We understand processing this Data is beneficial
for all parties involved, especially for you and your subscribers, because it allows us to set up precautions, protecting you and your subscribers against third parties sending malicious software or attempting fraud.

To send you marketing communication

This processing is based on your consent (Art. 6. sec. 1(a) of GDPR).

For marketing purposes including creating your profile

The legal basis for processing your Personal Data are legitimate interests of GetResponse (art. 6 sec. 1 (f) GDPR). We have a legitimate interest in analyzing how our Customers and Users use our Service and Platform, to improve and expand our customer
base. Users of the Platform who have expressed their interest in receiving marketing communication to their email address give us their free, specific, informed, and unambiguous consent. Hence, we have inferred that they would have a reasonable
expectation to receive such communication. At the same time, they expect that the communication we will send should be consistent with their interests. Personalized marketing communication allows our Customers to use our Service more effectively and
benefit from our attractive offers. For profiling, we use only the Data our Customers or Users provide us with or the Data concerning their activity within the Platform or Service. We’re only interested in what you do on our Platform or when
you use our Service, and not what you do on other websites. That’s why we decided that our interests are justified, legitimate, and at the same time, they don’t violate the rights or freedoms of our Users or Customers, which may override them.

Who we disclose your data to.

We transfer your Personal Data to the following categories of recipients:

Processors

We use the services of third-party providers, who process your Personal Data as data processors on our behalf. They provide us with services related to: supporting certain features of the Service (webinars), hosting, customer support, tracking security
incidents and responding to them, diagnosing and solving problems with the Service or Platform, web push notification display, analysis of marketing campaigns efficiency as well as analysis of use of the Service and Platform.

Other controllers

We cooperate with service providers who don’t act on our exclusive request and who themselves determine how they process personal data, in order to carry out remarketing campaigns and statistical analysis.

2. Which countries is your data transferred to?

Recipients who we transfer the data to are based mainly in Poland and other countries of the European Economic Area (EEA), e.g., France. Some of them are based outside of the EEA. We’ve made sure that our service providers guarantee a high level of personal
data protection. Depending on the provider, these safeguards result from:

participation in the „Privacy Shield” program based on the Commission Implementing Decision (EU) 2016/1250 of July 12, 2016, pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by
the EU-U.S. Privacy Shield (notified under document C (2016/4176), based on art. 45 sec. 1 GDPR, more about the program, or

Commission Decision of December 20, 2001, pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data provided by the Canadian Personal Information Protection and Electronic Documents Act
(notified under document number C (2001) 4539), based on art. 45 sec. 1 GDPR. More about the decision.

Your rights. You have control over your Data.

We make sure that our Customers and Users can exercise their rights concerning their Data. You may exercise your rights by filing a demand to the following email address: privacy@getresponse.com. All you
need to do is to inform us about the reason for your motion and the right you want to exercise. If you have an Account in the Service, you can exercise some of your rights directly after you log in to your Account. Please remember that if you change
your settings in the Account, we may need up to 3 hours to apply the changes in our systems due to technical reasons. That’s why during this time you may still receive an email message from our system while it’s updating your settings.

If we decide it’s necessary, we may ask you some additional questions or ask you to provide us with additional documents to confirm your identity.

It may sound obvious, but for the sake of clarity, we would still like to point out that exercising your rights described below is free of charge, with the possible exception of providing additional copies of your Data.

Under GDPR you have the following rights:

Right to express and withdraw your consent

If we ask for consent to process your Data, you can always choose to give it or not. We inform you about the right to withdraw your consent before giving consent. In our Platform, we never ask for one consent for different personal data processing operations,
and we never depend on the consent to execute the contract – including the provision of the Service – although consent is not necessary for its execution.

Additionally, you are entitled to withdraw any consent previously given at the point of creating an Account or using the Platform and Services, including:

Withdrawal of your consent is effective upon execution, and it does not affect the lawfulness of processing based on the consent before you withdraw it. You can always withdraw your consent without detriment. It may, however, render you unable to use
some of the features of the Platform or the Services which we may legally render only with your consent (e.g., receiving the newsletter on the new updates in our Resources).

We treat withdrawing your consent to receive marketing communication as objecting to profiling for marketing purposes.

Right of access

You have the right to obtain confirmation if we process your Personal Data. If we do, you have the right to:

receive information on the rules of such processing,

access your Personal Data,

receive a copy of your Data.

If you have an Account with the Service, you can directly access your personal data you provided at all times, after logging into your Account.

The first copy of your Data is free of charge. For any further copies you request, we may charge you a reasonable fee based on the administrative costs resulting from preparing this information.

Right to rectification

You have the right to rectify and complete the Personal Data you provide. You can do it yourself in your Account. Concerning other personal data, you have the right to have us rectify inaccurate personal data concerning you or complete your incomplete
personal data.

Right to erasure (“right to be forgotten”)

On the grounds described by the law, you have the right to have us erase your Personal Data. We’ll treat your demand to erase all your Personal Data as a demand to delete your Account.

You have the right to have us erase your Personal Data if:

the Personal Data has been unlawfully processed or has to be erased to comply with a legal obligation;

your Personal Data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;

you have withdrawn consent to the processing of your Data (and when there are no other legal grounds for processing);

you have objected to the processing of your Data for marketing-related purposes;

you have objected to the processing of your Data for statistical purposes of using the Platform or the Service and surveying customer satisfaction, and the objection has been considered legitimate.

We will keep some of your Data despite the demand to erase it if it’s necessary for performing our legal duties or establishing, pursuing, or defending a claim. It especially refers to Personal Data concerning your name, surname, email address, and the
Platform or Service use history, which we keep to be able to address complaints and claims connected to the Platform or use of the Service.

Right to restriction of processing

If you file such a demand, we will make some of the features of the Platform or Service connected to the processing of the Data covered by your demand unavailable to you while we review it. During that time, we will not send you any communication including
marketing communication.

You have the right to have us restrict the processing of your Data when one of the following applies:

you contest the accuracy of your Data;

the processing of your Data is unlawful, and you request the restriction of its use instead of erasing it;

we no longer need your Personal Data to process it, but you require it to establish, exercise, or defend legal claims;

In particular, you have the right to object to the processing of your Data for direct marketing purposes, including profiling. In such a case, we will no longer process your Data for these purposes and you will no longer receive any marketing information
from us. Additionally, we’ll treat the withdrawal of the consent to receive marketing communication about our products or services as an objection to the processing of your Data for direct marketing purposes, including profiling.

Regarding the processing for legitimate interests as pointed out above, if your objection turns out to be legitimate and we don’t have any other legal grounds for processing your Data, we will remove the
Data you don’t want us to process.

Right to data portability

If you set up a Customer Account or you consented to the processing of your Data, you have the right to receive your Personal Data you provided to us and transmit it to another controller in a structured, commonly used, machine-readable format. We will
send your Personal Data in .CSV format. This format is commonly used and machine-readable, and enables the transmission of your Data to another data controller.

If you are our Customer you may exercise your right after logging in to your Account.

Right to lodge a complaint with a supervisory authority

You have the right to complain to a supervisory authority concerning the processing of your Data. In Poland the supervisory authority is the President of the Personal Data Protection Office, contact details:

Other useful information

Do I have to provide GetResponse with my Personal Data?

Sometimes we ask you to provide us with your Personal Data. Providing:

Registration data

Data provided as Account details, and

other data (indicated as mandatory) in registration forms

is essential for us to create your Account, send you the requested materials or for enable you to participate in a chosen event. If you don’t provide us with the relevant data, you will not be able to use some or all features of the Platform or Service.
Providing us with data other than the mandatory data is voluntary.

How long do you store my Personal Data?

If you are our Customer, we store your Personal Data for the time during which you have an Account with our Service. When you deactivate your Account, we’ll store your Data for 60 days for the sole purpose of enabling you to reactivate the Account. During
that time we’ll only store your without any other processing activities subject to our other obligations or rights arising from applicable laws or public authority orders. After that time, we’ll delete your Personal Data from the main database, without
the possibility to recover it. In the next 120 days, your Personal Data will be subject to encryption and stored in backup copies only. The said 120-day period is required to delete the Personal Data completely due to the specifics of the backup copy
operations.

We’ll store the Personal Data of the Users who are not our Customers for the time corresponding to the lifecycles of the cookie files saved on their devices. You will find the details of how we use cookies in our Cookie Policy.

We’ll store the Personal Data of our newsletter subscribers or persons who have agreed to receive marketing content from us until they resign.

After expiration of the periods described above, your Data will be erased, excluding the following data:

name,

surname,

email address,

Service usage history,

and information about expressed consents.

We’ll store this data only for as long as we need to handle complaints and manage claims related to the use of the Service, and for as long as is required by tax and accounting regulations.

Why do I enter into a data processing agreement with GetResponse?

If you are our Customer and you have an establishment within the European Economic Area (EEA) or if GDPR applies to your operations for other reasons, you engage GetResponse in the processing of the personal data necessary to provide you with the Service
on terms and conditions stipulated in the Terms of Service.

Does GetResponse process personal data of children or special categories of personal data?

We don’t process personal data of children, and we don’t collect special categories of personal data. The Service and Platform are directed to adults, i.e., those who are over 18 (eighteen) years old and those who perform commercial activities. When
you start using the Platform or Service, you declare that you are over 18 years old. We ask minors not to share any information with us, especially personal data.

How does GetResponse protect my Personal Data?

We implemented adequate and effective measures to ensure the security of your personal data. The Platform uses encrypted data transmission (SSL, secure socket layer) during registration and login, which guarantees the protection of the data identifying
you and significantly impedes account data interception by unauthorized systems or people.

Does GetResponse use cookies?

You will find the details concerning the use of cookies in our Cookie Policy.

Updating our Privacy Policy

We may change this Privacy Policy at any time. Unless stated otherwise, our current Privacy Policy applies to all information that we have about you and your Account. If we make changes to this Privacy Policy, we will notify you by publishing information
here before the changes take effect. If, however, we make material changes to this Policy, we may also send you a separate notification to the email address you provided us with.

The Privacy Policy does not restrict any of your rights under the Terms of Service or applicable provisions of the law.